Merge pull request #23 from phantom/kuba/fix-publishing

fix: trusted publishing 3

Author: jkadamczyk

.github/workflows/release.yml

@@ -20,7 +20,6 @@ jobs:
     env:
       # Force npm to emit provenance (SLSA) when publishing via OIDC.
       NPM_CONFIG_PROVENANCE: true
-      NODE_AUTH_TOKEN: ${{ secrets.NPM_PUBLISH_TOKEN_PHANTOM_SECURITY_BOT }}
 
     steps:
       - name: Checkout Repo
@@ -33,8 +32,8 @@ jobs:
         uses: actions/setup-node@v4
         with:
           node-version: 20.x
+          cache: "yarn"
           registry-url: "https://registry.npmjs.org"
-          token: ${{ secrets.NPM_PUBLISH_TOKEN_PHANTOM_SECURITY_BOT }}
 
       - name: Ensure npm 11.5.1+ for trusted publishing
         run: npm install -g npm@^11.5.1
@@ -44,10 +43,11 @@ jobs:
 
       - name: Create Release Pull Request or Publish to npm
         id: changesets
-        uses: changesets/action@v1
+        uses: changesets/action@e0145edc7d9d8679003495b11f87bd8ef63c0cba
         with:
           # This expects you to have a script called release which does a build for your packages and calls changeset publish
+          version: yarn changeset version
           publish: yarn release
+          commitMode: github-api
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          NPM_TOKEN: ${{ secrets.NPM_PUBLISH_TOKEN_PHANTOM_SECURITY_BOT }}